| ... | Articles and Whitepapers |
| ... | Downloads |
| ... | Internet Resources |
| ... | Windows Server 2008 R2 Remote Desktop Services |
| ... | Windows Server 2003 Terminal Services |
| ... | About this Web Site |
| ... | Benny's Short Profile |
| ... | Benny's Biography |
| ... | Presentations 2010, 2009, 2008, 2007, 2006, 2005, 2004 and earlier |
 |
 |
 |
 |
Most Important Terminal Server Registry Keys and Values
Posted by Benny Tritsch on December 10, 2003 – updated on May 31, 2005
[Introduction] [General] [System
and User] [Default
User] [Folders] [Printers]
[Network]
Default User Configuration
An area relevant to Terminal Server users is located under HKLM \Software \Microsoft \Windows NT \CurrentVersion \Winlogon. It includes the AppSetup key, that defines a special script file called UsrLogon.cmd. This script file is executed along with a possible logon script on startup of each terminal server session. The same location also contains the WinStationDisabled key that either denies (0) or allows (1) new terminal server users to log on, regardless of the protocol.
| Value Names | Data Types, Default Value | Description |
| AllowMultipleTSSessions | DWORD: 0x1 | Set if a user may log in to multiple terminal server sessions. |
| AppSetup | SZ | Commands that are executed after user logon. Default value: UsrLogon.cmd. |
| AutoAdminLogon | SZ | If created and set to 1, this key allows an automatic logon of an administrator. This requires writing the appropriate values in DefaultUserName, DefaultPassword, and DefaultDomainName. On exit and restart, Windows should not ask for a password and automatically show the desktop of the user. It is also important to note that if the DontDisplayLastUserName value is enabled, the auto logon feature does not function (see Policies). The additional ForceAutoLogon setting must be enabled to stop the tweak from resetting on reboot |
| AutoLogonCount | SZ | This setting is used to limit the number of automatic logins, once the limit has been reached the auto logon feature will be disabled and the system will display the standard authentication box. Each time the system is rebooted, the value of AutoLogonCount will be decremented by one, until it reaches zero. When AutoLogonCount reaches zero, no account will be logged on automatically, the AutoLogonCount and DefaultPassword key values will be deleted from the registry, and AutoAdminLogon will be set to zero. |
| AutoRestartShell | DWORD: 0x1 | Restart shell (Explorer.exe) automatically if it was stopped. |
| CachedLogonsCount | SZ: 10 | This value controls the number of allowable cached login attempts when the network domain controller is unavailable. |
| DefaultUserName | SZ | Stores the user name needed for automatic logon or the last logged in user. |
| DefaultPassword | SZ | If created, this key may stores the password needed for automatic logon. The password is stored in registry, which means anyone who has access to the machine has access to the password. |
| DefaultDomainName | SZ | Stores the domain name needed for automatic logon |
| ForceAutoLogon | SZ | Normally when a Windows machine is configured to automatically logon to a specified account users can bypass this and enter alternate account information. This tweak forces the machine to auto logon and to ignore any bypass attempts. |
| Shell | SZ | Standard shell that is executed when a user logs on. Default value is Explorer.exe, but this may be changed on a Terminal Server. |
| ShowLogonOption | DWORD: 0x0 | If enabled, the start screen asking for Ctrl-Alt-Del is displayed. |
| ShutdownWithoutLogon | SZ | Defines if the server may be shut down from the start screen without user logon. |
| WinStationsDisabled | SZ | Either denies (0) or allows (1) new terminal server users to log on, regardless of the protocol. At the command shell, you can modify this value using the Change logon /enable or Change logon /disable commands. |
Another piece of information needed during logon is related to creating or loading the user profile. HKLM \SOFTWARE \Microsoft \Windows NT \CurrentVersion \ProfileList is accessed during user logon. The keys contain the default paths for a default user (DefaultUser), general user (AllUsers), and individual user profiles. Furthermore, this is the location where you can find a list of all users who have logged on to the system. If a user logs on to the terminal server for the first time, he or she inherits both the normal default user settings and the default values for the terminal server session. They are saved under HKLM \SYSTEM \Current ControlSet \Control \Terminal Server \DefaultUserConfiguration.
